Search

Search Results (363299 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-1644 2 Drupal, Gizra 2 Drupal, Og Vocab 2025-04-11 N/A
The Organic Groups (OG) Vocabulary module 6.x-1.x before 6.x-1.2 for Drupal allows remote authenticated users with certain administrator permissions to modify the vocabularies of other groups via unspecified vectors.
CVE-2012-1645 2 Drupal, Wimleers 2 Drupal, Cdn 2025-04-11 N/A
The CDN module 6.x-2.2 and 7.x-2.2 for Drupal, when running in Origin Pull mode with the "Far Future expiration" option enabled, allows remote attackers to read arbitrary PHP files via unspecified vectors, as demonstrated by reading settings.php.
CVE-2012-1646 1 Drupal 1 Faq 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the FAQ module 6.x-1.x before 6.x-1.13 and 7.x-1.x-rc1 for Drupal allow remote authenticated users to inject arbitrary web script or HTML via the (1) title parameter in faq.admin.inc or (2) detailed_question parameter in faq.module.
CVE-2012-1647 2 Drupal, Mediafront 2 Drupal, Mediafront 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the "stand alone PHP application for the OSM Player," as used in the MediaFront module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.5 for Drupal, allow remote attackers to inject arbitrary web script or HTML via (1) $_SERVER['HTTP_HOST'] or (2) $_SERVER['SCRIPT_NAME'] to players/osmplayer/player/OSMPlayer.php, (3) playlist parameter to players/osmplayer/player/getplaylist.php, and possibly other vectors related to $_SESSION.
CVE-2012-1648 2 Danielb, Drupal 2 Cool Aid, Drupal 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Cool Aid module before 6.x-1.9 for Drupal allows remote authenticated users with the administer coolaid permission to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-1649 2 Danielb, Drupal 2 Cool Aid, Drupal 2025-04-11 N/A
Cool Aid module before 6.x-1.9 for Drupal does not enforce access restrictions, which allows remote authenticated users with the administer coolaid permission to modify arbitrary pages via unspecified vectors.
CVE-2012-1650 2 Drupal, Giantrobot 2 Drupal, Zipcart 2025-04-11 N/A
The ZipCart module 6.x before 6.x-1.4 for Drupal checks the "access content" permission instead of the "access ZipCart downloads" permission when building archives, which allows remote authenticated users with access content permission to bypass intended access restrictions.
CVE-2012-1651 2 Drupal, Thinkleft 2 Drupal, Submenu Tree 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Submenu Tree module before 6.x-1.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-1652 3 Drupal, Wim Leers, Wimleers 3 Drupal, Hierarchical Select, Hierarchical Select 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Hierarchical Select module 6.x-3.x before 6.x-3.8 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via unspecified vectors related to "the vocabulary's help text."
CVE-2012-1653 2 Collectivecolors, Drupal 2 Taxonomy View Integrator Module, Drupal 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Taxonomy Views Integrator (TVI) module 6.x-1.x before 6.x-1.3 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, related to "views pages."
CVE-2012-1654 2 Alex Barth, Drupal 2 Data, Drupal 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Data module 6.x-1.x before 6.x-1.0 and 7.x-1.x before 7.x-1.0-alpha3 for Drupal allow remote authenticated users with the administer data tables permission to inject arbitrary web script or HTML via the title parameter in (1) data.views.inc and (2) data_ui/data_ui.admin.inc.
CVE-2012-1655 2 Drupal, Sven Decabooter 2 Drupal, Uc Paydutchgroup \/ Wedeal Payment 2025-04-11 N/A
Unspecified vulnerability in the UC PayDutchGroup / WeDeal payment module 6.x-1.0 for Drupal allows remote authenticated users to obtain account credentials via unknown attack vectors.
CVE-2012-1656 2 Drupal, Wesjones 2 Drupal, Multisite Search 2025-04-11 N/A
SQL injection vulnerability in the Multisite Search module 6.x-2.2 for Drupal allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the Site table prefix field.
CVE-2012-1657 2 Drupal, Fourkitchens 2 Drupal, Block Class 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in block_class.module in the Block Class module before 7.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the class name.
CVE-2012-1658 2 Drupal, Fourkitchens 2 Drupal, Ed Readmore 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Read More Link module 6.x-3.x before 6.x-3.1 for Drupal allows remote authenticated users with the access administration pages permission to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-1659 2 Ariel Barreiro, Drupal 2 Noderecommendation, Drupal 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Node Recommendation module 6.x-1.x before 6.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-1660 2 Drupal, Nathan Haug 2 Drupal, Webform 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in components/select.inc in the Webform module 6.x-3.x before 6.x-3.17 and 7.x-3.x before 7.x-3.17 for Drupal, when the "Select (or other)" module is enabled, allow remote authenticated users with the create webform content permission to inject arbitrary web script or HTML via vectors related to (1) checkboxes or (2) radios.
CVE-2012-1661 1 Esri 1 Arcmap 2025-04-11 N/A
ESRI ArcMap 9 and ArcGIS 10.0.2.3200 and earlier does not properly prompt users before executing embedded VBA macros, which allows user-assisted remote attackers to execute arbitrary VBA code via a crafted map (.mxd) file.
CVE-2012-1662 2 Broadcom, Microsoft 2 Arcserve Backup, Windows 2025-04-11 N/A
CA ARCserve Backup r12.0 through SP2, r12.5 before SP2, r15 through SP1, and r16 before SP1 on Windows allows remote attackers to cause a denial of service (service shutdown) via a crafted network request.
CVE-2012-1663 1 Gnu 1 Gnutls 2025-04-11 N/A
Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted certificate list.